Program analysis

• a better name for “object-sensitivity” might have been “allocation-site sensitivity”
• What is the relationship between taint tracking vs. DFA?
  • Taint tracking is a subset of DFA
• DFA vs. DFG vs. DDA vs. DDG?
  • Data Flow Analysis's input is a (i)CFG, and its output is for each program point in the (i)CFG, the pre-state and post-state in an abstract domain.
  • Data Flow Graph are sometimes used in a context outside the program analysis. It is basically a way to represent a value-oriented computation process (i.e. the normal program concepts such as variables and functions are typically not inside such DFG).
  • Data Dependency Analysis is a subset of Dependency Analysis, which is about dependency between statement pair. Again, it is mostly used in compiler domain, outside program analysis.
  • Data Dependency Graph is just the output of the DDA.
  • Object Flow Graph: Basically enhancing DFA for OOP features.